Critical Remote Code Execution in Palo Alto Networks PAN‑OS (CVE‑2026‑0300) Threatens Enterprise Firewalls
What It Is — Palo Alto Networks disclosed a critical flaw (CVE‑2026‑0300) in its PAN‑OS operating system that powers PA‑Series and VM‑Series firewalls. The vulnerability enables unauthenticated remote code execution when authentication portals are exposed to untrusted networks.
Exploitability — Public exploit code appeared on Tuesday; CISA confirmed active exploitation on Wednesday and issued an emergency directive. CVSS v3.1 base score 9.3 (Critical). No patch is yet available; mitigations will be bundled in releases expected within two weeks.
Affected Products — PAN‑OS software, PA‑Series hardware firewalls, VM‑Series virtual firewalls. The issue is triggered by specific configuration settings that expose authentication portals to the internet.
TPRM (Third‑Party Risk Management) Impact — The flaw resides in a core security control used by thousands of Fortune 500 enterprises and government agencies. Compromise of a firewall can cascade to downstream vendors, SaaS providers, and cloud workloads, creating a supply‑chain foothold for attackers.
Recommended Actions —
- Immediately apply Palo Alto’s interim mitigations (restrict authentication portals to trusted internal IP ranges).
- Conduct a rapid inventory of all PAN‑OS devices and verify configuration compliance.
- Prioritize patch deployment as soon as the May 13 release is available; test in a staging environment first.
- Review third‑party contracts that rely on Palo Alto firewalls for data protection and update risk registers.
- Monitor CISA alerts and threat‑intel feeds for exploitation indicators.
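One way to tie the first two actions together (restrict portals to trusted internal ranges, then verify every device actually complies) is a small audit over the device inventory. This is an added illustration, not code from the advisory or from Palo Alto Networks; it assumes a hypothetical inventory record per device (name, whether an authentication portal is enabled, and the source CIDRs allowed to reach it) that an operator has already exported, and it does not parse PAN‑OS configuration itself.

```python
import ipaddress
from typing import Dict, Iterable, List

# Constructed sample inventory (hypothetical record format, not PAN-OS output).
# An empty allowed_sources list means the portal has no source restriction.
INVENTORY: List[dict] = [
    {"device": "fw-dc1-edge", "portal_enabled": True,
     "allowed_sources": ["10.0.0.0/8", "192.168.10.0/24"]},
    {"device": "fw-branch-7", "portal_enabled": True,
     "allowed_sources": ["0.0.0.0/0"]},
    {"device": "fw-cloud-vm2", "portal_enabled": True,
     "allowed_sources": []},
    {"device": "fw-lab", "portal_enabled": False, "allowed_sources": []},
]

# Trusted internal ranges (assumed here to be the RFC 1918 blocks; an
# organisation would substitute its own management/VPN ranges).
TRUSTED_RANGES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def range_is_trusted(cidr: str, trusted: Iterable[str]) -> bool:
    """True only if the whole CIDR lies inside one trusted range."""
    net = ipaddress.ip_network(cidr, strict=False)
    for t in trusted:
        tnet = ipaddress.ip_network(t, strict=False)
        # subnet_of raises on mixed IPv4/IPv6, so compare like with like
        if tnet.version == net.version and net.subnet_of(tnet):
            return True
    return False


def audit_portal_exposure(inventory: List[dict],
                          trusted: Iterable[str] = TRUSTED_RANGES) -> Dict[str, str]:
    """Return {device: reason} for devices whose authentication portal is
    reachable from outside the trusted ranges; compliant devices are omitted."""
    findings: Dict[str, str] = {}
    for dev in inventory:
        if not dev["portal_enabled"]:
            continue  # no portal exposed, nothing to check
        if not dev["allowed_sources"]:
            findings[dev["device"]] = "portal enabled with no source restriction"
            continue
        untrusted = [c for c in dev["allowed_sources"] if not range_is_trusted(c, trusted)]
        if untrusted:
            findings[dev["device"]] = "portal reachable from " + ", ".join(untrusted)
    return findings


if __name__ == "__main__":
    for device, reason in audit_portal_exposure(INVENTORY).items():
        print(f"NON-COMPLIANT {device}: {reason}")
```

Any device reported here still has an authentication portal reachable from untrusted address space and should be treated as exposed until the May 13 release is deployed.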
Source: The Record – Palo Alto warns of critical software bug used in firewall attacks